lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Mon, 4 Oct 2021 11:06:57 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     kbuild@...ts.01.org, Daniel Palmer <daniel@...f.com>
Cc:     lkp@...el.com, kbuild-all@...ts.01.org,
        linux-kernel@...r.kernel.org
Subject: [chenxing:msc313_mainlining 55/62] drivers/gpio/gpiolib.c:1130
 gpiochip_hierarchy_irq_domain_alloc() warn: variable dereferenced before
 check 'd->parent' (see line 1119)

tree:   git://github.com/linux-chenxing/linux.git msc313_mainlining
head:   1b2db4b2c68fdb4acc386166e82a28dfbc808705
commit: fd6b9913190ecb45cee3195dc919b7ba841e625f [55/62] gpiolib: Move setting the flow handler and don't set it at all if there is a parent domain
config: i386-randconfig-m021-20211002 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>

smatch warnings:
drivers/gpio/gpiolib.c:1130 gpiochip_hierarchy_irq_domain_alloc() warn: variable dereferenced before check 'd->parent' (see line 1119)

vim +1130 drivers/gpio/gpiolib.c

fdd61a013a24f26 Linus Walleij 2019-08-08  1071  static int gpiochip_hierarchy_irq_domain_alloc(struct irq_domain *d,
fdd61a013a24f26 Linus Walleij 2019-08-08  1072  					       unsigned int irq,
fdd61a013a24f26 Linus Walleij 2019-08-08  1073  					       unsigned int nr_irqs,
fdd61a013a24f26 Linus Walleij 2019-08-08  1074  					       void *data)
fdd61a013a24f26 Linus Walleij 2019-08-08  1075  {
fdd61a013a24f26 Linus Walleij 2019-08-08  1076  	struct gpio_chip *gc = d->host_data;
fdd61a013a24f26 Linus Walleij 2019-08-08  1077  	irq_hw_number_t hwirq;
fdd61a013a24f26 Linus Walleij 2019-08-08  1078  	unsigned int type = IRQ_TYPE_NONE;
fdd61a013a24f26 Linus Walleij 2019-08-08  1079  	struct irq_fwspec *fwspec = data;
242587616710576 Kevin Hao     2020-01-14  1080  	void *parent_arg;
fdd61a013a24f26 Linus Walleij 2019-08-08  1081  	unsigned int parent_hwirq;
fdd61a013a24f26 Linus Walleij 2019-08-08  1082  	unsigned int parent_type;
fdd61a013a24f26 Linus Walleij 2019-08-08  1083  	struct gpio_irq_chip *girq = &gc->irq;
fdd61a013a24f26 Linus Walleij 2019-08-08  1084  	int ret;
fdd61a013a24f26 Linus Walleij 2019-08-08  1085  
fdd61a013a24f26 Linus Walleij 2019-08-08  1086  	/*
fdd61a013a24f26 Linus Walleij 2019-08-08  1087  	 * The nr_irqs parameter is always one except for PCI multi-MSI
fdd61a013a24f26 Linus Walleij 2019-08-08  1088  	 * so this should not happen.
fdd61a013a24f26 Linus Walleij 2019-08-08  1089  	 */
fdd61a013a24f26 Linus Walleij 2019-08-08  1090  	WARN_ON(nr_irqs != 1);
fdd61a013a24f26 Linus Walleij 2019-08-08  1091  
fdd61a013a24f26 Linus Walleij 2019-08-08  1092  	ret = gc->irq.child_irq_domain_ops.translate(d, fwspec, &hwirq, &type);
fdd61a013a24f26 Linus Walleij 2019-08-08  1093  	if (ret)
fdd61a013a24f26 Linus Walleij 2019-08-08  1094  		return ret;
fdd61a013a24f26 Linus Walleij 2019-08-08  1095  
366950eeb6ee7ba Kevin Hao     2020-01-20  1096  	chip_dbg(gc, "allocate IRQ %d, hwirq %lu\n", irq,  hwirq);
fdd61a013a24f26 Linus Walleij 2019-08-08  1097  
fdd61a013a24f26 Linus Walleij 2019-08-08  1098  	ret = girq->child_to_parent_hwirq(gc, hwirq, type,
fdd61a013a24f26 Linus Walleij 2019-08-08  1099  					  &parent_hwirq, &parent_type);
fdd61a013a24f26 Linus Walleij 2019-08-08  1100  	if (ret) {
fdd61a013a24f26 Linus Walleij 2019-08-08  1101  		chip_err(gc, "can't look up hwirq %lu\n", hwirq);
fdd61a013a24f26 Linus Walleij 2019-08-08  1102  		return ret;
fdd61a013a24f26 Linus Walleij 2019-08-08  1103  	}
366950eeb6ee7ba Kevin Hao     2020-01-20  1104  	chip_dbg(gc, "found parent hwirq %u\n", parent_hwirq);
fdd61a013a24f26 Linus Walleij 2019-08-08  1105  
fdd61a013a24f26 Linus Walleij 2019-08-08  1106  	/* This parent only handles asserted level IRQs */
242587616710576 Kevin Hao     2020-01-14  1107  	parent_arg = girq->populate_parent_alloc_arg(gc, parent_hwirq, parent_type);
242587616710576 Kevin Hao     2020-01-14  1108  	if (!parent_arg)
242587616710576 Kevin Hao     2020-01-14  1109  		return -ENOMEM;
242587616710576 Kevin Hao     2020-01-14  1110  
366950eeb6ee7ba Kevin Hao     2020-01-20  1111  	chip_dbg(gc, "alloc_irqs_parent for %d parent hwirq %d\n",
fdd61a013a24f26 Linus Walleij 2019-08-08  1112  		  irq, parent_hwirq);
c34f6dc8c9e6bbe Stephen Boyd  2020-01-14  1113  	irq_set_lockdep_class(irq, gc->irq.lock_key, gc->irq.request_key);
242587616710576 Kevin Hao     2020-01-14  1114  	ret = irq_domain_alloc_irqs_parent(d, irq, 1, parent_arg);
880b7cf22e8ca08 Kevin Hao     2020-01-14  1115  	/*
880b7cf22e8ca08 Kevin Hao     2020-01-14  1116  	 * If the parent irqdomain is msi, the interrupts have already
880b7cf22e8ca08 Kevin Hao     2020-01-14  1117  	 * been allocated, so the EEXIST is good.
880b7cf22e8ca08 Kevin Hao     2020-01-14  1118  	 */
880b7cf22e8ca08 Kevin Hao     2020-01-14 @1119  	if (irq_domain_is_msi(d->parent) && (ret == -EEXIST))
                                                                              ^^^^^^^^^
Unchecked dereference.

880b7cf22e8ca08 Kevin Hao     2020-01-14  1120  		ret = 0;
fdd61a013a24f26 Linus Walleij 2019-08-08  1121  	if (ret)
fdd61a013a24f26 Linus Walleij 2019-08-08  1122  		chip_err(gc,
fdd61a013a24f26 Linus Walleij 2019-08-08  1123  			 "failed to allocate parent hwirq %d for hwirq %lu\n",
fdd61a013a24f26 Linus Walleij 2019-08-08  1124  			 parent_hwirq, hwirq);
fdd61a013a24f26 Linus Walleij 2019-08-08  1125  
242587616710576 Kevin Hao     2020-01-14  1126  	kfree(parent_arg);
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1127  
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1128  	if (!ret) {
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1129  		/* If there is a parent domain leave the flow handler alone */
fd6b9913190ecb4 Daniel Palmer 2021-09-30 @1130  		if(d->parent)
                                                                   ^^^^^^^^^
Checked too late.  (Already Oopsed?)

fd6b9913190ecb4 Daniel Palmer 2021-09-30  1131  			irq_domain_set_hwirq_and_chip(d,
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1132  					irq,
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1133  					hwirq,
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1134  					gc->irq.chip,
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1135  					gc);
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1136  		/* Otherwise set the flow handler supplied by the gpio driver */
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1137  		else
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1138  			irq_domain_set_info(d,
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1139  					    irq,
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1140  					    hwirq,
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1141  					    gc->irq.chip,
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1142  					    gc,
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1143  					    girq->handler,
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1144  					    NULL, NULL);
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1145  		irq_set_probe(irq);
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1146  	}
fd6b9913190ecb4 Daniel Palmer 2021-09-30  1147  
fdd61a013a24f26 Linus Walleij 2019-08-08  1148  	return ret;
fdd61a013a24f26 Linus Walleij 2019-08-08  1149  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ